AspNetCore.Docs/aspnetcore/security/gdpr/includes/gdpr6.md

:::moniker range="= aspnetcore-6.0"

• The project templates include extension points and stubbed markup that you can replace with your privacy and cookie use policy.
• The Pages/Privacy.cshtml page or Views/Home/Privacy.cshtml view provides a page to detail your site's privacy policy.

To enable the default cookie consent feature like that found in the ASP.NET Core 2.2 templates in a current ASP.NET Core template generated app, add the following highlighted code to Program.cs:

[!code-csharpMain]

In the preceding code, xref:Microsoft.AspNetCore.Builder.CookiePolicyOptions and xref:Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy%2A are used.

• Add the cookie consent partial to the _Layout.cshtml file:

  [!code-cshtmlMain]

• Add the _CookieConsentPartial.cshtml file to the project:

  [!code-cshtmlMain]

• Select the ASP.NET Core 2.2 version of this article to read about the cookie consent feature.

Encryption at rest

Some databases and storage mechanisms allow for encryption at rest. Encryption at rest:

• Encrypts stored data automatically.
• Encrypts without configuration, programming, or other work for the software that accesses the data.
• Is the easiest and safest option.
• Allows the database to manage keys and encryption.

For example:

• Microsoft SQL and Azure SQL provide Transparent Data Encryption (TDE).
• SQL Azure encrypts the database by default
• Azure Blobs, Files, Table, and Queue Storage are encrypted by default.

For databases that don't provide built-in encryption at rest, you may be able to use disk encryption to provide the same protection. For example:

• BitLocker for Windows Server
• Linux:
  • eCryptfs
  • EncFS.

Additional resources

• Microsoft.com/GDPR

:::moniker-end